sls-logstore-enabled-encrypt

更新时间:
复制 MD 格式

Checks whether data encryption is enabled for a Log Service Logstore.

Scenarios

Log Service supports encrypting data at rest with Key Management Service (KMS).

Risk level

Default risk level: medium.

You can change the risk level when you apply this rule.

Evaluation logic

  • If data encryption is enabled for the Logstore, the evaluation result is compliant.
  • If data encryption is disabled for the Logstore, the evaluation result is non-compliant. Correct this by following Non-compliance remediation.

Rule details

Item Description
Rule name sls-logstore-enabled-encrypt
Rule ID sls-logstore-enabled-encrypt
Tag SLS and LogStore
Automatic remediation Not supported
Trigger type Configuration change and periodic execution
Time interval 24 hours
Supported resource type Log Service flow logs
Input parameter None

Non-compliance remediation

Enable data encryption for the Logstore in Log Service. For more information, see Data encryption.